CMMC Domain IA Identification and Authentication

Closely tied to Access Control, this Domain contains practices to ensure that only the person assigned to a user account is the one using it.

IA.L1-3.5.1: Identification: Identify system users, processes acting on behalf of users, and devices.
IA.L2-3.5.6: Identifier Handling: Disable identifiers after a defined period of inactivity.
IA.L2-3.5.3: Multifactor Authentication: Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.
IA.L2-3.5.5: Identifier Reuse: Prevent reuse of identifiers for a defined period.
IA.L1-3.5.2: Authentication: Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems.
IA.L2-3.5.7: Password Complexity: Enforce a minimum password complexity and change of characters when new passwords are created.
IA.L2-3.5.11: Obscure Feedback: Obscure feedback of authentication information.
IA.L2-3.5.9: Temporary Passwords: Allow temporary password use for system logons with an immediate change to a permanent password.
IA.L2-3.5.4: Replay-Resistant Authentication: Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
IA.L2-3.5.8: Password Reuse: Prohibit password reuse for a specified number of generations.
IA.L2-3.5.10: Cryptographically-Protected Passwords: Store and transmit only cryptographically-protected passwords.